Question
I'm trying to create an API and a website client for it. Lately I've been reading a lot about OAuth2 as a security mechanism and about companies that offer authentication as a service, such as auth0.com or even Azure Active Directory, and I can see the advantages in using them.
Because I'm used to always having the users in the same database and tables, with relationships to the Users table in the form of one-to-many, such as below:
using System;
using System.Collections.Generic;

public class User
{
    public string subjectId { get; set; }
    public virtual List<Invoice> Invoices { get; set; }
    /*
    More properties in here
    */
}

public class Invoice
{
    public int InvoiceId { get; set; }
    public string PaymentNumber { get; set; }
    public DateTime Date { get; set; }
    public double Amount { get; set; }
    public string Description { get; set; }
    public virtual User User { get; set; }
}
That is my question.
If the users are stored in an external authentication service such as Auth0.com,
- How would the Invoice class handle the relationship with the user?
- Would a new property, subjectId, be added to the Invoice table, taking the value of whatever id the authentication service assigns?
In the latter case, would the Invoice class be something like below?
public class Invoice
{
    public int InvoiceId { get; set; }
    public string PaymentNumber { get; set; }
    public DateTime Date { get; set; }
    public double Amount { get; set; }
    public string Description { get; set; }
    public string SubjectId { get; set; }
}
Also, if the users are stored someplace else, how do you make a query like the following?
SELECT * FROM Users u INNER JOIN Invoices i ON i.SubjectId = u.SubjectId WHERE u.Name = 'John Doe' AND i.Date > @SomeDate;
Recommended answer
Since you have mentioned Auth0 as your identity provider, there are multiple ways to achieve the user table in your database.

1. Authenticating/registering the user with Auth0 will send a response with a Profile Object, which will have all the basic profile information you need. Post this profile object back to your own API to save it to the database. This API endpoint should be secured with the access token you received along with the profile object from Auth0.
2. You can create a custom rule in Auth0 that posts the user information back to your API. This rule gets executed on the Auth0 server, so this is a secure call.
3. Identity providers (Auth0 in our case) are required to expose an API endpoint that gives us user profile data (ex: https://yourdomain.auth0.com/userinfo). You can make a call to this endpoint from your API to receive the user information.
When a user registers with your application, please use one of these techniques to establish a user profile information table in your database. It is always a good idea to treat the identity provider as a service responsible for authenticating the resource owner (the user of your application) and providing an access token for securely accessing your API/application. If you have the profile of the user in your database, you do not have to depend on the identity provider once the user is authenticated.
Please let me know if you have any further questions.
Thank you, Soma.
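As an added example (not code from the question or the answer), here is how option 1 above can look in ASP.NET Core with EF Core: a local UserProfile table keyed on the provider's subject id, the asker's Invoice pointing at it, and an endpoint that stores the posted profile under the subject taken from the validated access token rather than from the request body. An AppDbContext with Users and Invoices DbSets, and the names UserProfile, ProfileDto and ProfileController, are assumptions of this example.

```csharp
using System;
using System.ComponentModel.DataAnnotations;
using System.ComponentModel.DataAnnotations.Schema;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;

// Local copy of the IdP profile, keyed by the token's "sub" claim (assumed name).
public class UserProfile
{
    [Key] public string SubjectId { get; set; }
    public string Name { get; set; }
}

public class Invoice
{
    public int InvoiceId { get; set; }
    public DateTime Date { get; set; }
    [ForeignKey(nameof(User))] public string SubjectId { get; set; }
    public virtual UserProfile User { get; set; }   // joinable locally again
}

public record ProfileDto(string Name);

// Assumes an AppDbContext registered with DbSet<UserProfile> Users and DbSet<Invoice> Invoices.
[ApiController, Route("api/profile")]
public class ProfileController : ControllerBase
{
    private readonly AppDbContext _db;
    public ProfileController(AppDbContext db) => _db = db;

    // Option 1 from the answer: the client posts its profile after login. The row
    // key comes from the validated bearer token, never from the request body, so
    // a caller can only create or update its own row.
    [HttpPost, Authorize]
    public async Task<IActionResult> Upsert(ProfileDto dto)
    {
        string sub = User.FindFirst("sub")?.Value
                  ?? User.FindFirst(ClaimTypes.NameIdentifier)?.Value;
        if (string.IsNullOrEmpty(sub)) return Unauthorized();
        UserProfile row = await _db.Users.FindAsync(sub)
                          ?? _db.Users.Add(new UserProfile { SubjectId = sub }).Entity;
        row.Name = dto.Name;
        await _db.SaveChangesAsync();
        return NoContent();
    }
}
```

With the profile stored locally, the join from the question becomes an ordinary query over Users and Invoices on SubjectId.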